New upstream version 1.14.6

Author: smcv

NEWS

@@ -1,3 +1,18 @@
+Changes in 1.14.6
+~~~~~~~~~~~~~~~~~
+
+Security fixes:
+
+ * Don't allow an executable name to be misinterpreted as a command-line
+   option for bwrap(1). This prevents a sandbox escape where a malicious
+   or compromised app could ask xdg-desktop-portal to generate a .desktop
+   file with access to files outside the sandbox. (CVE-2024-32462)
+
+Other bug fixes:
+
+ * Don't parse `<developer><name/></developer>` as the application name
+   (#5700)
+
 Changes in 1.14.5
 ~~~~~~~~~~~~~~~~~
 Released: 2023-12-08

app/flatpak-builtins-build.c

@@ -587,7 +587,8 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
   if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
     return FALSE;
 
-  flatpak_bwrap_add_args (bwrap, command, NULL);
+  flatpak_bwrap_add_args (bwrap, "--", command, NULL);
+
   flatpak_bwrap_append_argsv (bwrap,
                               &argv[rest_argv_start + 2],
                               rest_argc - 2);

common/flatpak-appdata.c

@@ -43,6 +43,7 @@ typedef struct
   gboolean   in_text;
   gboolean   in_component;
   gboolean   in_content_rating;
+  gboolean   in_developer;
   char      *lang;
   guint64    timestamp;
   const char *id;  /* interned */
@@ -119,7 +120,7 @@ start_element (GMarkupParseContext *context,
     {
       data->in_text = TRUE;
     }
-  else if (g_str_equal (element_name, "name") ||
+  else if ((!data->in_developer && g_str_equal (element_name, "name")) ||
            g_str_equal (element_name, "summary"))
     {
       const char *lang = NULL;
@@ -259,6 +260,10 @@ start_element (GMarkupParseContext *context,
           g_warning ("Ignoring content attribute missing id attribute");
         }
     }
+  else if (g_str_equal (element_name, "developer"))
+    {
+      data->in_developer = TRUE;
+    }
 }
 
 static void
@@ -294,7 +299,7 @@ end_element (GMarkupParseContext *context,
     {
       component->id = g_steal_pointer (&text);
     }
-  else if (g_str_equal (element_name, "name"))
+  else if (!data->in_developer && g_str_equal (element_name, "name"))
     {
       g_hash_table_insert (component->names, g_steal_pointer (&data->lang), g_steal_pointer (&text));
     }
@@ -316,6 +321,10 @@ end_element (GMarkupParseContext *context,
       g_assert (component->content_rating != NULL);
       g_hash_table_insert (component->content_rating, (gpointer) data->id, (gpointer) g_intern_string (text));
     }
+  else if (g_str_equal (element_name, "developer"))
+    {
+      data->in_developer = FALSE;
+    }
 }
 
 static void

common/flatpak-dir.c

@@ -7071,6 +7071,7 @@ flatpak_dir_run_triggers (FlatpakDir   *self,
                                   "--proc", "/proc",
                                   "--dev", "/dev",
                                   "--bind", basedir, basedir,
+                                  "--",
                                   NULL);
 #endif
           flatpak_bwrap_add_args (bwrap,

common/flatpak-run.c

@@ -1299,6 +1299,9 @@ add_bwrap_wrapper (FlatpakBwrap *bwrap,
   if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
     return FALSE;
 
+  /* End of options: the next argument will be the executable name */
+  flatpak_bwrap_add_arg (bwrap, "--");
+
   return TRUE;
 }
 
@@ -4682,7 +4685,7 @@ flatpak_run_app (FlatpakDecomposed *app_ref,
   if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
     return FALSE;
 
-  flatpak_bwrap_add_arg (bwrap, command);
+  flatpak_bwrap_add_args (bwrap, "--", command, NULL);
 
   if (!add_rest_args (bwrap, app_id,
                       exports, (flags & FLATPAK_RUN_FLAG_FILE_FORWARDING) != 0,

common/flatpak-version-macros.h

@@ -45,7 +45,7 @@
  *
  * The micro version.
  */
-#define FLATPAK_MICRO_VERSION (5)
+#define FLATPAK_MICRO_VERSION (6)
 
 /**
  * FLATPAK_CHECK_VERSION:

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for Flatpak 1.14.5.
+# Generated by GNU Autoconf 2.71 for Flatpak 1.14.6.
 #
 # Report bugs to <https://github.com/flatpak/flatpak/issues>.
 #
@@ -621,8 +621,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='Flatpak'
 PACKAGE_TARNAME='flatpak'
-PACKAGE_VERSION='1.14.5'
-PACKAGE_STRING='Flatpak 1.14.5'
+PACKAGE_VERSION='1.14.6'
+PACKAGE_STRING='Flatpak 1.14.6'
 PACKAGE_BUGREPORT='https://github.com/flatpak/flatpak/issues'
 PACKAGE_URL='http://flatpak.org/'
 
@@ -1642,7 +1642,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Flatpak 1.14.5 to adapt to many kinds of systems.
+\`configure' configures Flatpak 1.14.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1713,7 +1713,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Flatpak 1.14.5:";;
+     short | recursive ) echo "Configuration of Flatpak 1.14.6:";;
    esac
   cat <<\_ACEOF
 
@@ -2005,7 +2005,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Flatpak configure 1.14.5
+Flatpak configure 1.14.6
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2356,7 +2356,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Flatpak $as_me 1.14.5, which was
+It was created by Flatpak $as_me 1.14.6, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -14115,7 +14115,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='flatpak'
- VERSION='1.14.5'
+ VERSION='1.14.6'
 
 
 # Some tools Automake needs.
@@ -21921,10 +21921,10 @@ fi
 
 FLATPAK_MAJOR_VERSION=1
 FLATPAK_MINOR_VERSION=14
-FLATPAK_MICRO_VERSION=5
+FLATPAK_MICRO_VERSION=6
 FLATPAK_EXTRA_VERSION=
 FLATPAK_INTERFACE_AGE=0
-FLATPAK_VERSION=1.14.5
+FLATPAK_VERSION=1.14.6
 
 
 
@@ -21953,7 +21953,7 @@ printf "%s\n" "#define PACKAGE_EXTRA_VERSION $FLATPAK_EXTRA_VERSION" >>confdefs.
 
 
 
-LT_VERSION_INFO="11405:0:11405"
+LT_VERSION_INFO="11406:0:11406"
 LT_CURRENT_MINUS_AGE=0
 
 
@@ -22599,7 +22599,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Flatpak $as_me 1.14.5, which was
+This file was extended by Flatpak $as_me 1.14.6, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -22668,7 +22668,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-Flatpak config.status 1.14.5
+Flatpak config.status 1.14.6
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -15,7 +15,7 @@ AC_PREREQ([2.63])
 
 m4_define([flatpak_major_version], [1])
 m4_define([flatpak_minor_version], [14])
-m4_define([flatpak_micro_version], [5])
+m4_define([flatpak_micro_version], [6])
 m4_define([flatpak_extra_version], [])
 m4_define([flatpak_interface_age], [0])
 m4_define([flatpak_binary_age],